ComfyUI Code Issue Vulnerability
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends, from the individual developer comfyanonymous. A code issue vulnerability exists in ComfyUI version v0.2.4, which stems from an unvalidated URL and could lead to a server-side request forgery attack...
dify Code Issue Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...
LoLLMs Web UI Security Vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V13, which originates from an unauthenticated URL and could lead to a server-side request forgery attack...
RAGFlow Security Vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that stems from unfiltered URL parameters and the use of an outdated version of Chromium, which could lead to full-read SSRF and remote...
FastChat Code Issue Vulnerability
FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. FastChat suffers from a code issue vulnerability that stems from server-side request forgery that could lead to internal resource access...
dify Security Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 0.9.1 of dify, which stems from improper handling of the apiendpoint parameter and could lead to a server-side request forgery attack...
FastChat Code Issue Vulnerability
FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large-scale language models. A code issue vulnerability exists in FastChat version 0.2.36, which stems from insufficient validation of path parameters and could lead to a server-side request forgery...
Open WebUI Code Issue Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the Open WebUI open source project. A code issue vulnerability exists in Open WebUI version 0.3.8, which stems from server-side request forgery and could lead to internal services being accessed...
RAGFlow Security Vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow version 0.12.0 that originates from an unvalidated URL and could lead to a server-side request forgery attack...
Applio Code Issue Vulnerability
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery issue in modeldownload.py that could lead an attacker to send requests on behalf of the Applio server...
Applio Code Issue Vulnerability
Applio is an open source AI voice conversion tool from Spanish AI Hispano. A code issue vulnerability exists in Applio 3.2.7 and earlier versions, which stems from a server-side request forgery and file write issue in modeldownload.py, which could lead an attacker to send a request on behalf of t...
CVE-2024-49822
IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
IBM QRadar Advisor Code Issue Vulnerability
IBM QRadar Advisor is a suite of security threat analysis solutions from International Business Machines (IBM). The product includes features such as security threat response and threat probing. A code issue vulnerability exists in IBM QRadar Advisor versions 1.0.0 through 2.6.5, which stems from...
CVE-2025-22474
Dell SmartFabric OS10 Software, versions 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contains a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery...
VulnCheck KEV: CVE-2022-41412
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks...
SUSE CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
WordPress Resido theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update vulnerability
Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Resido versions <= 3.6...
USN-7348-1 python3.5, python3.8 vulnerabilities
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...
CVE-2024-13838
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'callwebhook' method of the AutomatorSendWebhook class. This makes it possible for...
WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Uncanny Automator - Easy...